CSC 386 – Computer Security. Scott Heggen.
Agenda
- Authentication
- Passwords
- Reducing the probability of a password being guessed
- Reducing the probability of someone learning your password from the user
- Reducing the probability of someone learning your password from the system

What About the System?
- Where are usernames and passwords stored?
- An attacker could try to compromise the confidentiality or integrity of this file.
- Countermeasures: cryptographic protection; access control enforced by the operating system; or a combination of cryptographic protection and access control, possibly with further measures to slow down dictionary attacks.

One-way Functions
- For cryptographic protection we can use one-way functions (cryptographic hash functions).
- Definition: a one-way function f is a function that is relatively easy to compute but hard to reverse. Given an input x it is easy to compute f(x), but given an output y it is hard to find an x such that y = f(x).
- Instead of the password x, the value f(x) is stored in the password file. When a user logs in entering a password x', the system applies the one-way function f and compares f(x') with the expected value f(x).

Peruvian Coin Flip
- User creates a password
- User runs the password through some arbitrarily complex math function
- User shares the result with the system
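Added worked example (not from the slides): a password file that stores f(x) rather than x, verifies a login attempt x' by recomputing f(x'), and uses a per-user salt plus a high iteration count as the "further measures to slow down dictionary attacks". The one-way function f is PBKDF2-HMAC-SHA256 from the standard library; the record layout and iteration count are this example's own choices.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Work factor: every guess, legitimate or not, costs this many HMAC iterations,
# which is what slows a dictionary attack against a stolen password file.
ITERATIONS = 200_000


def make_record(password: str, salt: Optional[bytes] = None) -> Dict[str, object]:
    """Return what the password file stores for one user: salt and f(x), never x itself."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify(record: Dict[str, object], attempt: str) -> bool:
    """Login check: recompute f(x') with the stored salt and compare it with the stored f(x)."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        attempt.encode(),
        bytes.fromhex(str(record["salt"])),
        int(record["iterations"]),
    )
    # Constant-time comparison so response timing does not reveal how many bytes matched.
    return hmac.compare_digest(digest.hex(), str(record["hash"]))


def salts_make_hashes_differ(password: str) -> bool:
    """Two users with the same password get different stored values because their
    salts differ, so one precomputed dictionary of f(x) values cannot serve both."""
    first, second = make_record(password), make_record(password)
    return first["hash"] != second["hash"] and verify(first, password) and verify(second, password)
```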

Access Control Settings
- Who should be able to write to a password file?
- Who should be able to read from a password file?

Caching
- When navigating through a website, why don't you need to log in on every page load?
- Passwords are sometimes stored locally to retain a "session".
- This password can remain in the cache for long periods of time.

Single Sign-on
- At Berea, how many systems do you sign into?
- How many username/password combinations do you have for all these systems?
- What's wrong with this "feature"?

Other Forms of Authentication
- What other ways can we authenticate a user? Based on:
- Something you know
- Something you have
- Something you are

Something You Know
- The user has to know some secret to be authenticated.
- Examples: password, personal identification number (PIN), personal information like home address, date of birth, name of spouse (used e.g. by banks to authenticate customers on the phone).
- Anybody who obtains your secret "is you". You leave no trace if you pass your secret to somebody else.
- Suppose there is a case of computer misuse where somebody has logged in using your username and password. Can you prove your innocence? Can you prove that you have not divulged your password?

Something You Have
- The user presents a physical token to be authenticated.
- Examples: keys, cards or identity tags (access to buildings), smart cards.
- Physical tokens can be lost or stolen. Anybody who is in possession of the token has the same rights as the legitimate owner.
- To increase security, physical tokens are often used in combination with something you know, e.g. bank cards come with a PIN or with a photo of the user.

Something You Are
- Biometric schemes use unique physical characteristics (traits, features) of a person such as face, fingerprints, iris patterns, hand geometry (maybe even DNA at some time in the future).
- Biometrics may seem to offer the most secure solution for authenticating a person.
- Biometric schemes are still quite new; it remains to be seen whether results from experiments conducted in controlled environments are a good indicator of practical performance.

Failure Rates
- New issue: false positives and false negatives.
- Accept wrong user (false positive): security problem.
- Reject legitimate user (false negative): creates embarrassment and an inefficient work environment.

Technology Analysis
- Based on a (given) database of biometric samples.
- Measures the performance of the algorithms extracting and comparing biometric features.
- False match rate (FMR):
- False non-match rate (FNMR):

Finding the Right Balance
[Figure: FMR and FNMR plotted against the matching threshold (0 to 1); error rate axis 0% to 30%; the two curves cross at the equal error rate (EER).]
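Added worked example (not from the slides) that computes the FMR and FNMR from the Failure Rates and Technology Analysis slides over a constructed set of match scores, then sweeps the matching threshold to locate the equal error rate shown in the figure. The score values, the accept-if-score-at-or-above-threshold rule and the function names are this example's own assumptions.

```python
from typing import List, Tuple

# Constructed sample similarity scores (0 = no similarity, 1 = identical), not
# measurements from the slides. Genuine: a person compared with their own enrolled
# template. Impostor: a different person compared with that template.
GENUINE_SCORES: List[float] = [0.91, 0.88, 0.84, 0.79, 0.75, 0.72, 0.66, 0.61, 0.58, 0.52]
IMPOSTOR_SCORES: List[float] = [0.12, 0.18, 0.23, 0.27, 0.31, 0.36, 0.42, 0.49, 0.55, 0.63]


def rates(threshold: float,
          genuine: List[float] = GENUINE_SCORES,
          impostor: List[float] = IMPOSTOR_SCORES) -> Tuple[float, float]:
    """Return (FMR, FNMR) at one matching threshold; a comparison is accepted when score >= threshold.

    FMR  (false positive): impostor comparisons accepted  / all impostor comparisons
    FNMR (false negative): genuine comparisons rejected   / all genuine comparisons
    """
    fmr = sum(score >= threshold for score in impostor) / len(impostor)
    fnmr = sum(score < threshold for score in genuine) / len(genuine)
    return fmr, fnmr


def equal_error_rate(genuine: List[float] = GENUINE_SCORES,
                     impostor: List[float] = IMPOSTOR_SCORES,
                     steps: int = 100) -> Tuple[float, float]:
    """Sweep the threshold from 0 to 1 and return (threshold, EER) where FMR and FNMR are closest.

    Raising the threshold lowers FMR (fewer wrong users accepted) and raises FNMR
    (more legitimate users rejected); the EER is the balance point on the figure.
    """
    best_gap, best_threshold, best_eer = None, 0.0, 0.0
    for i in range(steps + 1):
        threshold = i / steps
        fmr, fnmr = rates(threshold, genuine, impostor)
        gap = abs(fmr - fnmr)
        if best_gap is None or gap < best_gap:
            best_gap, best_threshold, best_eer = gap, threshold, (fmr + fnmr) / 2
    return best_threshold, best_eer


if __name__ == "__main__":
    for t in (0.3, 0.5, 0.6, 0.9):
        print(f"threshold {t:.2f}: FMR={rates(t)[0]:.2f} FNMR={rates(t)[1]:.2f}")
    print("EER threshold, EER:", equal_error_rate())
```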

New Stuff in Authentication
- Two-factor
- Gesture Authentication
- Picture-Gesture Authentication
- Keystroke Cops
- Voice
- RFID Tags

Summary
- Authentication is not about guaranteeing that a person's identity is correct.
- Authentication is about maximizing the probability that a person's identity is correct, or alternatively, minimizing the probability that a person's identity is forged.
- Must balance the probability that a failure allows wrongful access against the probability that a failure denies rightful access.